The other xfinitywifi MAC number (the log didn't catch it) is 104f73fed566674ac01097222c5f9a013

Don't seem very useful though. Even the MACs from my two devices don't seem to have any common bytes. There are two "xfinitywifi" nodes that appear and disappear frequently during just a few minutes' monitoring (presumably due to weak signals?). But I was mistaken, their numbers do not change. I am pretty certain they aren't from my modem/router though. The signal levels are much lower.

Comcast kept sending me mail about how my brand-new modem was too slow. Then they changed their modem page, raising the rated speed of the TM822G, and stopped sending me mail. So far, it has been working fine at 120Mbps down, 11Mbps up.

There could be a legitimate technical reason for this. DOCSIS involves multiple channels of data (similar in concept to Wi-Fi channels). Each one has a particular frequency and bandwidth and encodes data using various kinds of QAM (very similar to mobile phones, actually). A modem typically connects to multiple channels at once ("channel bonding") in order to increase your overall bandwidth.

According to Wikipedia (DOCSIS: Throughput), DOCSIS 3.0 supports up to 42 Mbit/s per downstream channel and up to 30 Mbit/s per upstream channel. These are maxima - Comcast may or may not be serving up those rates.

That having been said, Comcast is supporting 25M per downstream channel, in which case, an 8-channel modem would max out at 200M (but would probably not be recommended for more than 100M, because network congestion might not let you realize the full bandwidth of every channel). A modem with more channels would let you realize more throughput, up to the maximum number of channels Comcast is serving on your segment of the network.

If Comcast later changes their infrastructure (e.g. bumps the per-channel speed from 25M to 40M), then all of a sudden that 8-channel modem has a theoretical maximum of 320M (and should probably work reliably at 150-200M).

Of course, this is all just speculation. My point is that it might not just be marketing when they said your modem was too slow and later said it was OK.

Well, for that kind of $, it had better be more than wishful thinking! :-)
I did run some modest tests against a few things, when I first got it (it seemed to work), and the online log says it has blocked several things in the past week. That said, yes, it also requires a BitDefender annual license and software. It's $99 per year for all the bad guys you can eat.
There are some 60+ items in my house connected to the net (not just computers, but media boxes, amps, light switches, DVD player, Tivos, iPhones, iPads and on and on), so it amortizes well.
If you have suggestions as to how to test the Box per se, I'd be happy to hear them.
Tom's has a review here:

I read this exchange with interest, since I just replaced a Verizon router and an AirPort Extreme behind it with a $200 Synology RT2600ac. Among the “packages” Synology provides (free) is some Threat Prevention software that appears to do just about everything the BitDefender Box2 does. (And according to the log it provides, it’s raining threats in the Boston area! Many of them, a handy mapping feature shows me, apparently originating from nearby Kendall Square.)

The software also provides Parental Control, and the RT2600ac can act as a VPN and a server. No subscription, but Synology seems diligent about sending security advisories (two in the last month) and patches to registered owners.

I have no idea how something like the RT2600ac compares to the stand-alone BitDefender, and I'd be interested in hearing what someone who actually knows what they're talking about (not me) thinks about them.

Oh, and FWIW, I also have an Ooma Telo plugged into the thing - no issues related to latency or anything else as far as I can tell.

I read this exchange with interest, since I just replaced a Verizon router and an AirPort Extreme behind it with a $200 Synology RT2600ac. Among the “packages” Synology provides (free) is some Threat Prevention software that appears to do just about everything the BitDefender Box2 does.

The parental control module (which Synology calls "Safe Access") also seems to incorporate some of its security features, among them Google Safe Browsing, the database for which the router automatically downloads. I enabled it once to see what it did, not using any of the features specifically geared towards parental control but thinking the other security-related features might be handy.

It seems to be overzealous. When I was doing some research on early Macs, I found mac128.com, which just has some how-to articles and related info, as far as I can tell, with the individual entries playfully laid out to resemble the 128K user manual! When I went back there a second time after enabling the feature, it was blocked. The screen did not mention Synology at all, but the color was the same as the router's wonderful GUI. The wording was very vague, yet it would scare a novice:

"This connection is not secure! The website is blocked because it is recognized as dangerous. If you proceed, your computer may be exposed to harmful programs."

There is a button to "Proceed anyway." This blocking would be a useful feature if it explained why a site has been blocked, so that one may know if it is indeed safe to proceed. The only thing I know is that it is not related to Google Safe Browsing, because their lookup site has no problem with that domain. I have no idea where to report a possible false positive. So I'm happy with the router, but not that feature. I would hope the BitDefender Box2 is more informative with regard to why it blocks what it blocks.

I first went to the mac128 site a couple months ago, but I re-enabled the feature today as a test and went back there again today; it was still blocked.

Oh, and FWIW, I also have an Ooma Telo plugged into the thing - no issues related to latency or anything else as far as I can tell.

... It seems to be overzealous. When I was doing some research on early Macs, I found mac128.com, which just has some how-to articles and related info, as far as I can tell, with the individual entries playfully laid out to resemble the 128K user manual! When I went back there a second time after enabling the feature, it was blocked. The screen did not mention Synology at all, but the color was the same as the router's wonderful GUI. The wording was very vague, yet it would scare a novice:

"This connection is not secure! The website is blocked because it is recognized as dangerous. If you proceed, your computer may be exposed to harmful programs."

There is a button to "Proceed anyway."

This blocking would be a useful feature if it explained why a site has been blocked, so that one may know if it is indeed safe to proceed.

It looks like it is blocking the site due to certificate issues. Try turning off the safe blocking and use the https:// prefix when trying to access mac128.com. You will get a "This site is not private" error in Safari, as well. When I examine the certificate, it looks like the certificate is not properly issued for the website.

Considering the site apparently has not been updated in over 10 years, it sounds like it is pretty much abandoned.

Plug and go, and I remember saying to myself, "What's he talking about?", when I read your question. I've never had any QoS problems with my Telo, and wasn't aware there were any - maybe because I'm on FiOS in the Boston area?

I did notice that, when I plugged it in, it (and my wired printer) downgraded the RT2600ac's ports to Fast Ethernet (orange LED). Not unexpected, but being mildly paranoid about the speed of my LAN, I put them both behind an old gigabit switch I had lying around and, voila, all (including the switch) went green for gigabit. Go figure, and probably unnecessary but...

Returning to topic, I should add that in my small one-story condo with plaster walls laid out in a way that puts the router at one end, not ideal, the RT2600ac's wireless coverage is much better than the AirPort Extreme's (802.11n) was - band-steering and beam-forming all being new to me and all performing as advertised - and the set-up is easy unless you want to delve into the settings and features. Upgradeable to mesh, iPhone app, etc. - see Wirecutter. I'd recommend one to anyone as a replacement for AirPort, especially if you want a BitBox for free.

Thanks. The ones starting with 5C (01011100) are globally-assigned addresses. 5C:B0:66 is assigned to Arris, which makes sense, since the SSID ("Internet1") sounds like a customer's LAN.

The others begin with 6E (01101110), 7E (01111110), 8E (10001110) and 9E (10011110). So we now know that Comcast is generating unique self-assigned MAC addresses for the networks they create.

It also looks like Comcast's algorithm is to replace the first byte and leave the rest unchanged. All of them (except for "XFINITY") seem to come in pairs (ending in "3F" and "40") here, which probably means the router has two radio interfaces (2.4GHz and 5GHz, I would assume).

If this holds true for others, then you can probably identify whose router each "xfinitywifi" network corresponds to by comparing the last 5 bytes of its MAC address with some other network's MAC address.
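The comparison suggested in the post above, as an added example that is not part of the original thread: it checks the locally-administered bit (0x02 of the first octet) and pairs each "xfinitywifi" BSSID with any globally-assigned BSSID sharing its last five octets. The scan list is constructed for illustration (only the 5C:B0:66 prefix and the SSID names come from the thread), and the matching rule is the poster's hypothesis, not a documented Comcast scheme.

```python
# Added example. SAMPLE_SCAN is constructed data, not the scan from the thread.

def parse_mac(text):
    """Parse AA:BB:CC:DD:EE:FF (or dash-separated) into 6 raw bytes."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def format_mac(mac):
    return ":".join(f"{b:02X}" for b in mac)


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (self-assigned address).

    5C = 01011100 -> bit clear, vendor-assigned via an IEEE OUI.
    6E = 01101110 -> bit set, generated by the device or its firmware.
    """
    return bool(mac[0] & 0x02)


def match_hotspots(scan, hotspot_ssid="xfinitywifi"):
    """Map each hotspot BSSID to globally-assigned BSSIDs with the same
    last five octets (the hypothesis: only the first octet was replaced)."""
    by_suffix = {}
    for ssid, bssid in scan:
        mac = parse_mac(bssid)
        by_suffix.setdefault(mac[1:], []).append((ssid, mac))

    matches = {}
    for members in by_suffix.values():
        owners = [(s, format_mac(m)) for s, m in members
                  if not is_locally_administered(m)]
        for ssid, mac in members:
            if ssid == hotspot_ssid and is_locally_administered(mac):
                matches[format_mac(mac)] = owners
    return matches


# Constructed scan: (SSID, BSSID). Two radios per router end in 3F and 40.
SAMPLE_SCAN = [
    ("Internet1",   "5C:B0:66:12:34:3F"),
    ("Internet1",   "5C:B0:66:12:34:40"),
    ("xfinitywifi", "6E:B0:66:12:34:3F"),
    ("xfinitywifi", "6E:B0:66:12:34:40"),
    ("XFINITY",     "7E:B0:66:12:34:3F"),
    ("xfinitywifi", "6E:B0:66:AA:BB:40"),  # no private network in range
    ("HomeNet",     "00:11:22:33:44:55"),  # unrelated access point
]

if __name__ == "__main__":
    for hotspot, owners in match_hotspots(SAMPLE_SCAN).items():
        if owners:
            names = ", ".join(f"{s} ({m})" for s, m in owners)
            print(f"{hotspot} shares a radio with {names}")
        else:
            print(f"{hotspot} has no matching private network in this scan")
```

An empty match only means the private SSID was not seen in that scan (hidden, out of range, or on a router that does not follow the pattern).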

Interesting! This possibility never crossed my mind because none of my browsers report that the site even has a certificate, expired or otherwise, let alone attempt to use it. They will happily navigate to it as long as Safe Access is off, never attempting to establish any secure connection.

To my knowledge, trying to force secure connections isn't among the Safe Access feature set. Even with Safe Access on, https never even enters the picture from a user perspective. While your reasoning is likely spot-on, Synology's methodology and presentation in this area leave much to be desired.

As old as the site is, I never tried manually navigating to a secure version of it.

Briefly, so as not to go off-topic... At some point in the past, Ooma used to recommend making QoS adjustments in your router to give the Telo priority, if the Telo was placed behind it; maybe that has changed. In any event, I am glad it's working well for you.

I did notice that, when I plugged it in, it (and my wired printer) downgraded the RT2600ac's ports to Fast Ethernet (orange LED).

It downgraded all the ports? I have a TiVo Premiere that did that because that's all it supports, but only that one LED is orange. Everything else is happily green. Should I invest in a switch just in case? (And if so, does anyone have any recommendations?)

At some point in the past, Ooma used to recommend making QoS adjustments in your router to give the Telo priority, if the Telo was placed behind it; maybe that has changed. In any event, I am glad it's working well for you.

It downgraded all the ports? I have a TiVo Premiere that did that because that's all it supports, but only that one LED is orange. Everything else is happily green. Should I invest in a switch just in case? (And if so, does anyone have any recommendations?)

No, only the ports they plugged into and, as I said, the switch was (in my very limited but evolving understanding of networking hardware) probably unnecessary. Why all its LEDs are green mystifies me though. It's a D-Link DGS2205 that in the past has always shown any fast ethernet connections as orange.

I think I do now remember the Ooma caution about priority and would have probably acted on it, if I'd had QoS problems. Good to be reminded if I ever do, thanks!

To my knowledge, trying to force secure connections isn't among the Safe Access feature set. Even with Safe Access on, https never even enters the picture from a user perspective. While your reasoning is likely spot-on, Synology's methodology and presentation in this area leave much to be desired.

I opened a ticket with Synology, hoping to gain some insight as to why Safe Access would block access to the mac128 site, reporting it as a potential false positive. The reply stated the painfully obvious, that Safe Access blocks traffic when the mechanisms it uses detect what it thinks is malicious traffic. They then suggested it could be due to third parties spoofing IPs... and, of course, included a link on how to add an exception.

I pointed out that the complete lack of information as to why something is blocked makes it much more difficult to determine whether or not it is truly safe to add any given exception. They replied they would submit a request to provide more detailed information when something is blocked. I won't be using Safe Access unless and until that happens. While I still love and recommend the product, I'm not holding my breath for the Safe Access feature to improve.

I have a 3rd-generation Time Capsule, and for many months now it has been dying. The symptom is that it is unresponsive, with the status light out. Unplugging it and plugging it back in fixes it for a day or two, and then it dies again.

I figured this was due to the known problem with the capacitors in the older Time Capsule's power supply, and it would need to be replaced. Note that the recent firmware upgrade did not help.

Apparently not! On July 1st Apple turned off the Back to My Mac service, so I removed the BtMM sign-in in the Time Capsule settings. The Time Capsule has been up ever since!

Arrgh, I posted too soon. The Time Capsule has crashed again. I swear, though, that it stayed up longer since I turned off Back to My Mac.

Since the Time Capsule log isn't persistent across boots, there's no knowing what's actually going wrong, unless I can figure out how to get the remote syslogging to work. In AirPort Utility 5.6, it is simple: just enter the Syslog Destination Address. But how do you configure a High Sierra Mac to be a syslog server? Is this the correct procedure?

About 15 years ago, I set up a wireless network in our home. This was necessary because our house was built in 1925 with lath and plaster walls. The network consists of an Apple AirPort Extreme base station (6th Gen with Time Capsule) and three AirPort Express routers — one rectangular (A1084) and two square (A1264).

Using the AirPort Extreme to distribute WiFi with Bridge Mode off, the Expresses are on a LAN with Ethernet links. Our WiFi speed for our two Macs (iMac and Mac Mini) wired directly to them was about 125 Mbps. All portable devices also registered similar speeds when measured next to the Extreme router.

Now, away from the main router, it seems to take longer to download material from the Web to my MacBook Pro, our two iPhones, and three iPads. Away from the AirPort Extreme and in the same room with one of the Expresses, the download speed is about 6 Mbps down and 8 Mbps up. If you unhook the Ethernet feed from the Expresses, the green light turns yellow, and there is no signal to be had, so the 6 Mbps signal was not being picked up directly from the Extreme; it is being delivered by the Express units.

There is the slim possibility that all three Expresses had never broadcast more than 6 Mbps, but I doubt it. Does anyone have any idea what could be wrong with this LAN? I’d appreciate any help or any suggested lines of investigation that might improve our WiFi signal around this old house.

Adding Wi-Fi base stations when it is unnecessary can reduce Wi-Fi throughput because the Wi-Fi network will require more data management overhead. The network configuration also becomes more complex. In the case of a wirelessly extended network, throughput may be reduced to less than 60 percent of that of a single device.

Your "rectangular" AirPort Express (model A1084) offers 802.11b/g. With g, that should give you up to 54 Mbps, though C|Net's 2004 review showed it only delivers a maximum of 16 Mbps with mixed b and g clients.

If, as appears likely from your description, you have no 802.11b-only clients (seems unlikely unless you have an older device on your network that you didn't mention), I wonder whether the old Express is operating in b mode only. Seems as though you could test whether it's the bottleneck by disconnecting it and seeing if your throughput improves.

Another possibility is that the switch or hub or router that provides the RJ-45 port to which your Expresses are connected is for some reason delivering only 10 Mbps Ethernet to those ports. Turning it off and on again is probably the best way to test that, though it's the sort of thing that should nominally only happen on a per-port basis if the ports are auto-sensing. Had any electrical storms lately?

... I still have my Expresses. They're pretty good paperweights for when the fan's aimed at the desk. But abandoned as they are by Apple, and not receiving security updates, they probably should be by you, too.

[To rule out potential encryption overhead], if you can access settings for your Expresses, you could test their highest potential by making them fully open instead of requiring a password. Try that, one at a time.

Again, if you can access settings, you could try defining each Express as its own access point with unique SSID. If they're sharing one SSID now, so you can wander around the house on one SSID, their signals could potentially be colliding. My AirPort Extreme WiFi started having issues. It was on the North wall of my house. New neighbors had just installed their own WiFi router on the South wall of theirs, within 15' of my AirPort Extreme. Both routers were on the same WiFi channel, and theirs seemed more powerful. Changing the channel of mine helped.

It's helpful to have a WiFi diagnostic tool that reports on what networks are in range, their channels, and signal shape.

I rebooted each of the AirPort Expresses to no avail. The only dramatic result was when I turned off the rectangular Express, the signal in the room increased by a factor of 4. I think that my iPhone responded to the station in the room, and when it was turned off, it picked up the AirPort Extreme on the floor below.

I tried just unplugging and replugging the hub. Nada. After many trips across the house, the only thing that seems to make sense is a bum internet cable to the hub. There are some things I could try, but the Ethernet lines were put in 15 years ago. Swapping lines, some snaked behind lath and plaster walls, presents a mountain I'm not ready to climb.

So, I'm looking at an Eero mesh net. Considering that I've got Ethernet lines to all the strategic areas and those walls, I'm inclined to go with 3 of the Eero Pros instead of the set of a Pro and 2 Beacons.

I tried just unplugging and replugging the hub. Nada. After many trips across the house, the only thing that seems to make sense is a bum internet cable to the hub. There are some things I could try, but the Ethernet lines were put in 15 years ago.

Joe's comment made me wonder if you might have a very old Ethernet switch/hub. If so, it might be subtly failing (I've seen that happen — very frustrating) or even be so old it doesn't handle 100+ Mbps. In either case, it might be worth just buying a new Ethernet switch, considering how cheap they are now.

My Time Capsule radiates spurs in the 50 to 51 MHz range that produce interference on my 6 Meter ham rig. I realize not many can answer this question, but might there be anyone who can recommend a wireless router that does not have this problem?

My coax cable is double-shielded (copper braid plus aluminum foil), and it's my belief that the interference reaches my antenna about 100 feet from the Time Capsule. While I might be able to place the router elsewhere, it is close to where our Internet connection enters my house.

My Time Capsule radiates spurs in the 50 to 51 MHz range that produce interference on my 6 Meter ham rig. I realize not many can answer this question, but might there be anyone who can recommend a wireless router that does not have this problem? ...

I ran into 2m interference with an older Airport Extreme (one of the 'short' ones - 5th gen?), which I deduced was due to the power supply.

Happily, simply dorking around with the orientation of the Airport Extreme removed the interference. The best was standing the Airport Extreme on edge, at about a 45° angle from the LMR-400 run it was near.

I tested a recent Nighthawk, and while it was better for WiFi, it still produced interference. Again, changing positions helped. The interference is a raised noise floor, quite high.

My Time Capsule radiates spurs in the 50 to 51 MHz range that produce interference on my 6 Meter ham rig. I realize not many can answer this question, but might there be anyone who can recommend a wireless router that does not have this problem?

After testing all the cables that I could test, I decided to upgrade my Farallon Starlet/8 10 Base-T to a Netgear 8-Port Gigabit hub. It was in the process of switching the cables from one hub to another that I found that one of the Ethernet ports had died. Luckily, when I had the Ethernet wiring installed, I distributed the ports across the house. In the same room, behind our upright piano, was a live port. Also, another bit of luck, the Netgear hub fit snugly into the crude wooden rack I had made for the Farallon over 15 years ago!

One of the things this episode taught me is that the Airport Utility display is not a "wiring" diagram, but a "connectivity" diagram. It’s therefore dependent on where you are standing and how strong the signal is, as to what you will see. In retrospect, duh!

MacInTouch

I had my first experience today with a Ubiquiti AmpliFi HD, which I got based on recommendations from other folks on MacInTouch. I hope I'm not jinxing things, but I was stunned by how nice it is — like the very best products Apple ever did in the past and way, way better than AirPort — in every detail from packaging to software to documentation to hardware design.

The idea was to move to a mesh system for hopefully better performance in a largish 2-story house with lots of competing WiFi in neighboring houses. The jury is still out on the amount of improvement, partly because WiFi is so frustratingly inconsistent in general, but I am getting very good performance (around 20-25 Mbps), given the FiOS service at the location.

As mentioned previously, I'd switched from 5GHz back to 2.4GHz after test results were better at the slower speed, but the AmpliFi is at 5GHz and seems OK on the opposite end of the house from the router (and near a neighbor's WiFi).

Other notes:

The remote mesh points take a while to get up and running after being powered up (including when they're moved from one wall plug to another).

The management app needs to be on the same LAN as the AmpliFi (of course), and a VPN can interfere with that (i.e. needs to be disabled).

The installation guide says the ISP router needs to be turned off when connecting the AmpliFi, but that wasn't necessary. (I did have WiFi disabled already on the Verizon router.)

The iOS app, beautifully designed, provides a wealth of information, although it's not clear exactly how clients are assigned to access points (though you can work out which one each client is connected to).

As has been noted before, you can hold down the Option key while selecting the WiFi menu in the macOS menu bar to get extra useful information (e.g. signal levels, transmission rates, channel, security, etc.) in faint gray text.


The idea was to move to a mesh system for hopefully better performance in a largish 2-story house with lots of competing WiFi in neighboring houses. The jury is still out on the amount of improvement, partly because WiFi is so frustratingly inconsistent in general, but I am getting very good performance (around 20-25 Mbps), given the FiOS service at the location.


For good measure, I connected the Intel NUC directly to the Internet router with an Ethernet cable (since, gee, it actually has an Ethernet port...). No improvement from the direct connection vs. AmpliFi wireless at the other end of the house from the router and base station with intervening walls/floors.